September 27, 2023
Last week was a busy one for the Enso Recruitment team. We sponsored and exhibited at not one, but two events! The first was BSides Belfast, a fantastic security conference based in Northern Ireland.

BSides is a globally recognised, community-driven framework for building events for and by regional information security communities. BSides is a great security conference for learning, meeting, collaborating and sharing experiences.

We decided to make the most of this event and ask leading cyber professionals: ‘What is your recommended cyber resource?’ We wanted their insight and knowledge of the cyber space to help those within it, whether you’re new to cyber or wish to expand your current knowledge.

Here’s what they had to say:

Andrew Bolster – Synopsys – Senior R&D Manager / Farset Labs – Founder

‘Engaging with your local cybersecurity community, not just at the professional level but at the community level. Find local hacker spaces, and that’s where you’re going to be able to keep on the pulse of what’s really going on. Your primary focus is going to be to get your community, use those networks and that’s how you’re really going to be able to proceed.’

Simon Whittaker – Vertical Structure – CEO

‘One of the most important things I see at the moment is around threat modelling and there are a couple of really interesting books around cyber security and threat modelling that I would recommend. Both are by Adam Shostack. One is called Threat Modelling The Basics I think it is, and the other one is a really nerdy, brilliant book called Threats: What Every Engineer Should Know. It brings together Star Wars and threat modelling which are two of my favourite things, so I would definitely recommend.’

James Mullen – Edgescan – Security Research Lead

‘The personal choice is usually low cost or free because we’re usually dealing with students. So YouTube is a good place to start because you have your options of careers you’re going into. If you’re going through a pen testing course, there’s lots of material on there. You can move on to Udemy as some courses are free on Udemy. If not, they’re usually as cheap as 10 euro. I believe you should move into something like GitHub for multiple reasons. One is if you’re pen testing, you can do your own personal penetration tests on vulnerable web apps for example, and upload them to GitHub. So then your employer can review them and see – ‘Oh, he’s actually doing a good pen test’. It’s a good report, you’re building up the experience and you’re using GitHub.’

Ben Harrison – NI Cyber Cluster – Steering Committee

‘Understanding attacker mindsets, understanding technologies, not just where they are but where they go to is really important to get ahead of the next big thing so that you’re not constantly reacting. For me, another unsung but very key part is my interest in science fiction. The other day I was reading a book called the Three Body Problem, and part of it talks about cosmic sociology, about an attacker and defender in unknown states and communication chains. And a problem I had been having in cyber security terms, instantly clicked with that. And out of this book, fictional book written 15 years ago, I got a new perspective on something that was right now immediate and helped me solve the problem in a really novel way. So it’s important to consider that, there’s so much inspiration in background reading and it’s all relevant and unique.’

Gareth Walker – Wolfspeed – Cyber Defence Lead

‘I’d really recommend YouTube, much like Google or any search engine, you can look for whatever you need to find. I know personally on a week to week basis, I make heavy use of YouTube. Be it for any new vulnerability that may have come out, or if I want some walkthrough of anything technical that I don’t already know the answer to. IppSec specifically has some really good HackTheBox walkthroughs and is someone that has been producing content for quite a long time. John Hammond as well I think is quite an obvious choice. John produces some fantastic content, but in a way that the level is easy for people to understand.’

Alex Crawford – Nemstar LTD – Cyber Security BDM

‘Nemstar actually run a YouTube channel giving free resources. The likes of the masterclass series we just launched talking about SolarWinds and SUNBURST. So that’s basically what we call the greatest hack the world has ever seen. It’s a free resource on YouTube for people to go on and have a look at it, it’s basically state actor hacking. The next episode will be about our courses as well, like the likes of CEH and how to pass and 3 hardest questions type of thing. It’s very interesting.’

Grant Colgan – CME / Infosec Battlebots – Cyber Security Engineer

‘TryHackMe! Love the site, I’m not sponsored by them, I promise! Although, if TryHackMe sees this and want to sponsor the Battlebots (laughing). It’s a great resource, they really walk you through from beginner, there’s intermediate stuff, there’s lots in there for any level. It’s a bit easier, in my opinion, than HackTheBox as it holds your hands a bit more. So, I’d recommend it.’

Jonah Burgess – Intigriti – Hacker Content Creator

‘I would recommend Ghost In The Wires which is a book from Kevin Mitnick. Unfortunately, he passed away a couple of months ago, but he had a really interesting life story. He spent most of it on the run from the FBI. He was the FBI’s Most Wanted Hacker. An interesting anecdote from the book was that the judge said he wasn’t allowed access to a phone in prison because they said he could start a nuclear war by whistling into the phone. It’s not too technical, but there’s some very interesting stories in there that can be quite motivating for people getting into cyber security.’

If the recommendations above weren’t enough, BSides Belfast shared a suggestion of their own on LinkedIn: Defcon.org’s Book List, a great list that covers a wide range of cybersecurity books!

A huge thanks to our interviewees for taking the time to answer our questions and suggesting fantastic resources!

